diff --git a/go.mod b/go.mod index e887bece1..5ec669b64 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/ghodss/yaml v1.0.0 github.com/go-bindata/go-bindata v3.1.2+incompatible github.com/google/go-cmp v0.7.0 - github.com/openshift/api v0.0.0-20250710082954-674ad74beffc + github.com/openshift/api v0.0.0-20250821192933-3d5bf11af6e6 github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee github.com/openshift/library-go v0.0.0-20250711143941-47604345e7ea diff --git a/go.sum b/go.sum index c5bd9cb27..ba1927ef8 100644 --- a/go.sum +++ b/go.sum @@ -164,8 +164,8 @@ github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= -github.com/openshift/api v0.0.0-20250710082954-674ad74beffc h1:DpweDMwuEuZKVUmYeqj3kBKdt5q8lGwSoIqpnLb0A9M= -github.com/openshift/api v0.0.0-20250710082954-674ad74beffc/go.mod h1:SPLf21TYPipzCO67BURkCfK6dcIIxx0oNRVWaOyRcXM= +github.com/openshift/api v0.0.0-20250821192933-3d5bf11af6e6 h1:AhVi3OFUeNnpccbbsVPoaJxD1yl7ULb8oLV3BV13uJQ= +github.com/openshift/api v0.0.0-20250821192933-3d5bf11af6e6/go.mod h1:SPLf21TYPipzCO67BURkCfK6dcIIxx0oNRVWaOyRcXM= github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c h1:gJvhduWIrpzoUTwrJjjeul+hGETKkhRhEZosBg/X3Hg= github.com/openshift/build-machinery-go v0.0.0-20250602125535-1b6d00b8c37c/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE= github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee h1:tOtrrxfDEW8hK3eEsHqxsXurq/D6LcINGfprkQC3hqY= diff --git a/vendor/github.com/openshift/api/.golangci.yaml b/vendor/github.com/openshift/api/.golangci.yaml index c5278d9c8..6a22f6157 100644 --- a/vendor/github.com/openshift/api/.golangci.yaml +++ b/vendor/github.com/openshift/api/.golangci.yaml @@ -25,10 +25,28 @@ linters: preference: WhenRequired policy: SuggestFix omitEmpty: - # Ignore missing omitempty so that we can omit the omitempty for discoverability. - # Discoverability is for configuration APIs, generally singletons. - # Refer to the API conventions for when to use discoverability (not our default stance). - policy: Ignore + # This will force omitempty on optional fields. + # This is in line with upstream guidance where optional fields should be omitted + # from the serialized output unless they are non-zero. + policy: SuggestFix + omitzero: + # This will force omitzero on optional struct fields. + # This means they can be omitted correctly and prevents the need for pointers to structs. + policy: SuggestFix + requiredFields: + pointers: + # This will force pointers when the field is required, but only when the zero + # value is a valid user choice, and has a semantic difference to being omitted (e.g. replicas allows 0). + policy: SuggestFix + omitempty: + # This will force omitempty on required fields. + # We do this so that the behaviour of not setting a value for the field is the same between + # both structured and unstructured clients. + policy: SuggestFix + omitzero: + # This will force omitzero on required struct fields. + # This means they can be omitted correctly and prevents the need for pointers to structs. + policy: SuggestFix uniqueMarkers: customMarkers: - identifier: "openshift:validation:FeatureGateAwareEnum" diff --git a/vendor/github.com/openshift/api/OWNERS b/vendor/github.com/openshift/api/OWNERS index ff904b63a..ebd9a2f45 100644 --- a/vendor/github.com/openshift/api/OWNERS +++ b/vendor/github.com/openshift/api/OWNERS @@ -1,7 +1,7 @@ reviewers: - - deads2k - JoelSpeed - everettraven approvers: - deads2k - JoelSpeed + - everettraven diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index 004e94723..52a41b2fe 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -91,6 +91,7 @@ type AuthenticationSpec struct { // +kubebuilder:validation:MaxItems=1 // +openshift:enable:FeatureGate=ExternalOIDC // +openshift:enable:FeatureGate=ExternalOIDCWithUIDAndExtraClaimMappings + // +optional OIDCProviders []OIDCProvider `json:"oidcProviders,omitempty"` } @@ -253,9 +254,16 @@ type TokenIssuer struct { // The Kubernetes API server determines how authentication tokens should be handled // by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers. // - // issuerURL must use the 'https' scheme. + // Must be at least 1 character and must not exceed 512 characters in length. + // Must be a valid URL that uses the 'https' scheme and does not contain a query, fragment or user. // - // +kubebuilder:validation:Pattern=`^https:\/\/[^\s]` + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getScheme() == 'https'",message="must use the 'https' scheme" + // +kubebuilder:validation:XValidation:rule="isURL(self) && url(self).getQuery() == {}",message="must not have a query" + // +kubebuilder:validation:XValidation:rule="self.find('#(.+)$') == ''",message="must not have a fragment" + // +kubebuilder:validation:XValidation:rule="self.find('@') == ''",message="must not have user info" + // +kubebuilder:validation:MaxLength=512 + // +kubebuilder:validation:MinLength=1 // +required URL string `json:"issuerURL"` @@ -320,10 +328,10 @@ type TokenClaimMappings struct { // used to construct the extra attribute for the cluster identity. // When omitted, no extra attributes will be present on the cluster identity. // key values for extra mappings must be unique. - // A maximum of 64 extra attribute mappings may be provided. + // A maximum of 32 extra attribute mappings may be provided. // // +optional - // +kubebuilder:validation:MaxItems=64 + // +kubebuilder:validation:MaxItems=32 // +listType=map // +listMapKey=key // +openshift:enable:FeatureGate=ExternalOIDCWithUIDAndExtraClaimMappings @@ -375,10 +383,10 @@ type TokenClaimOrExpressionMapping struct { // Precisely one of claim or expression must be set. // expression must not be specified when claim is set. // When specified, expression must be at least 1 character in length - // and must not exceed 4096 characters in length. + // and must not exceed 1024 characters in length. // // +optional - // +kubebuilder:validation:MaxLength=4096 + // +kubebuilder:validation:MaxLength=1024 // +kubebuilder:validation:MinLength=1 Expression string `json:"expression,omitempty"` } @@ -437,12 +445,12 @@ type ExtraMapping struct { // For example, the 'sub' claim value can be accessed as 'claims.sub'. // Nested claims can be accessed using dot notation ('claims.foo.bar'). // - // valueExpression must not exceed 4096 characters in length. + // valueExpression must not exceed 1024 characters in length. // valueExpression must not be empty. // // +required // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:MaxLength=4096 + // +kubebuilder:validation:MaxLength=1024 ValueExpression string `json:"valueExpression"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 1fc06418c..4d911877e 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -532,7 +532,7 @@ type AWSPlatformStatus struct { // // +default={"dnsType": "PlatformDefault"} // +kubebuilder:default={"dnsType": "PlatformDefault"} - // +openshift:enable:FeatureGate=AWSClusterHostedDNS + // +openshift:enable:FeatureGate=AWSClusterHostedDNSInstall // +optional // +nullable CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` @@ -594,6 +594,19 @@ type AzurePlatformStatus struct { // +listType=atomic // +optional ResourceTags []AzureResourceTag `json:"resourceTags,omitempty"` + + // cloudLoadBalancerConfig holds configuration related to DNS and cloud + // load balancers. It allows configuration of in-cluster DNS as an alternative + // to the platform default DNS implementation. + // When using the ClusterHosted DNS type, Load Balancer IP addresses + // must be provided for the API and internal API load balancers as well as the + // ingress load balancer. + // + // +default={"dnsType": "PlatformDefault"} + // +kubebuilder:default={"dnsType": "PlatformDefault"} + // +openshift:enable:FeatureGate=AzureClusterHostedDNSInstall + // +optional + CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` } // AzureResourceTag is a tag to apply to Azure resources created for the cluster. @@ -637,7 +650,7 @@ const ( ) // GCPServiceEndpointName is the name of the GCP Service Endpoint. -// +kubebuilder:validation:Enum=Compute;Container;CloudResourceManager;DNS;File;IAM;ServiceUsage;Storage +// +kubebuilder:validation:Enum=Compute;Container;CloudResourceManager;DNS;File;IAM;IAMCredentials;OAuth;ServiceUsage;Storage;STS type GCPServiceEndpointName string const ( @@ -659,11 +672,20 @@ const ( // GCPServiceEndpointNameIAM is the name used for the GCP IAM Service endpoint. GCPServiceEndpointNameIAM GCPServiceEndpointName = "IAM" + // GCPServiceEndpointNameIAMCredentials is the name used for the GCP IAM Credentials Service endpoint. + GCPServiceEndpointNameIAMCredentials GCPServiceEndpointName = "IAMCredentials" + + // GCPServiceEndpointNameOAuth is the name used for the GCP OAuth2 Service endpoint. + GCPServiceEndpointNameOAuth GCPServiceEndpointName = "OAuth" + // GCPServiceEndpointNameServiceUsage is the name used for the GCP Service Usage Service endpoint. GCPServiceEndpointNameServiceUsage GCPServiceEndpointName = "ServiceUsage" // GCPServiceEndpointNameStorage is the name used for the GCP Storage Service endpoint. GCPServiceEndpointNameStorage GCPServiceEndpointName = "Storage" + + // GCPServiceEndpointNameSTS is the name used for the GCP STS Service endpoint. + GCPServiceEndpointNameSTS GCPServiceEndpointName = "STS" ) // GCPServiceEndpoint store the configuration of a custom url to @@ -745,7 +767,7 @@ type GCPPlatformStatus struct { // // +default={"dnsType": "PlatformDefault"} // +kubebuilder:default={"dnsType": "PlatformDefault"} - // +openshift:enable:FeatureGate=GCPClusterHostedDNS + // +openshift:enable:FeatureGate=GCPClusterHostedDNSInstall // +optional // +nullable CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` @@ -754,13 +776,13 @@ type GCPPlatformStatus struct { // used when creating clients to interact with GCP services. // When not specified, the default endpoint for the GCP region will be used. // Only 1 endpoint override is permitted for each GCP service. - // The maximum number of endpoint overrides allowed is 9. + // The maximum number of endpoint overrides allowed is 11. // +listType=map // +listMapKey=name - // +kubebuilder:validation:MaxItems=8 + // +kubebuilder:validation:MaxItems=11 // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.name == y.name))",message="only 1 endpoint override is permitted per GCP service name" // +optional - // +openshift:enable:FeatureGate=GCPCustomAPIEndpoints + // +openshift:enable:FeatureGate=GCPCustomAPIEndpointsInstall ServiceEndpoints []GCPServiceEndpoint `json:"serviceEndpoints,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 70edc1769..788e10479 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -616,6 +616,11 @@ func (in *AzurePlatformStatus) DeepCopyInto(out *AzurePlatformStatus) { *out = make([]AzureResourceTag, len(*in)) copy(*out, *in) } + if in.CloudLoadBalancerConfig != nil { + in, out := &in.CloudLoadBalancerConfig, &out.CloudLoadBalancerConfig + *out = new(CloudLoadBalancerConfig) + (*in).DeepCopyInto(*out) + } return } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index 91881630b..6d756e8f9 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -361,11 +361,12 @@ infrastructures.config.openshift.io: Capability: "" Category: "" FeatureGates: - - AWSClusterHostedDNS + - AWSClusterHostedDNSInstall + - AzureClusterHostedDNSInstall - DualReplica - DyanmicServiceEndpointIBMCloud - - GCPClusterHostedDNS - - GCPCustomAPIEndpoints + - GCPClusterHostedDNSInstall + - GCPCustomAPIEndpointsInstall - HighlyAvailableArbiter - HighlyAvailableArbiter+DualReplica - NutanixMultiSubnets diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index eb78ad7ca..13ae075da 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -399,7 +399,7 @@ func (DeprecatedWebhookTokenAuthenticator) SwaggerDoc() map[string]string { var map_ExtraMapping = map[string]string{ "": "ExtraMapping allows specifying a key and CEL expression to evaluate the keys' value. It is used to create additional mappings and attributes added to a cluster identity from a provided authentication token.", "key": "key is a required field that specifies the string to use as the extra attribute key.\n\nkey must be a domain-prefix path (e.g 'example.org/foo'). key must not exceed 510 characters in length. key must contain the '/' character, separating the domain and path characters. key must not be empty.\n\nThe domain portion of the key (string of characters prior to the '/') must be a valid RFC1123 subdomain. It must not exceed 253 characters in length. It must start and end with an alphanumeric character. It must only contain lower case alphanumeric characters and '-' or '.'. It must not use the reserved domains, or be subdomains of, \"kubernetes.io\", \"k8s.io\", and \"openshift.io\".\n\nThe path portion of the key (string of characters after the '/') must not be empty and must consist of at least one alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'. It must not exceed 256 characters in length.", - "valueExpression": "valueExpression is a required field to specify the CEL expression to extract the extra attribute value from a JWT token's claims. valueExpression must produce a string or string array value. \"\", [], and null are treated as the extra mapping not being present. Empty string values within an array are filtered out.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'. 'claims' is a map of claim names to claim values. For example, the 'sub' claim value can be accessed as 'claims.sub'. Nested claims can be accessed using dot notation ('claims.foo.bar').\n\nvalueExpression must not exceed 4096 characters in length. valueExpression must not be empty.", + "valueExpression": "valueExpression is a required field to specify the CEL expression to extract the extra attribute value from a JWT token's claims. valueExpression must produce a string or string array value. \"\", [], and null are treated as the extra mapping not being present. Empty string values within an array are filtered out.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'. 'claims' is a map of claim names to claim values. For example, the 'sub' claim value can be accessed as 'claims.sub'. Nested claims can be accessed using dot notation ('claims.foo.bar').\n\nvalueExpression must not exceed 1024 characters in length. valueExpression must not be empty.", } func (ExtraMapping) SwaggerDoc() map[string]string { @@ -477,7 +477,7 @@ var map_TokenClaimMappings = map[string]string{ "username": "username is a required field that configures how the username of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.", "groups": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider. When referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (','). For example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", "uid": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time. The current default is to use the 'sub' claim.", - "extra": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity. key values for extra mappings must be unique. A maximum of 64 extra attribute mappings may be provided.", + "extra": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity. key values for extra mappings must be unique. A maximum of 32 extra attribute mappings may be provided.", } func (TokenClaimMappings) SwaggerDoc() map[string]string { @@ -487,7 +487,7 @@ func (TokenClaimMappings) SwaggerDoc() map[string]string { var map_TokenClaimOrExpressionMapping = map[string]string{ "": "TokenClaimOrExpressionMapping allows specifying either a JWT token claim or CEL expression to be used when mapping claims from an authentication token to cluster identities.", "claim": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated.\n\nPrecisely one of claim or expression must be set. claim must not be specified when expression is set. When specified, claim must be at least 1 character in length and must not exceed 256 characters in length.", - "expression": "expression is an optional field for specifying a CEL expression that produces a string value from JWT token claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'. 'claims' is a map of claim names to claim values. For example, the 'sub' claim value can be accessed as 'claims.sub'. Nested claims can be accessed using dot notation ('claims.foo.bar').\n\nPrecisely one of claim or expression must be set. expression must not be specified when claim is set. When specified, expression must be at least 1 character in length and must not exceed 4096 characters in length.", + "expression": "expression is an optional field for specifying a CEL expression that produces a string value from JWT token claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'. 'claims' is a map of claim names to claim values. For example, the 'sub' claim value can be accessed as 'claims.sub'. Nested claims can be accessed using dot notation ('claims.foo.bar').\n\nPrecisely one of claim or expression must be set. expression must not be specified when claim is set. When specified, expression must be at least 1 character in length and must not exceed 1024 characters in length.", } func (TokenClaimOrExpressionMapping) SwaggerDoc() map[string]string { @@ -504,7 +504,7 @@ func (TokenClaimValidationRule) SwaggerDoc() map[string]string { } var map_TokenIssuer = map[string]string{ - "issuerURL": "issuerURL is a required field that configures the URL used to issue tokens by the identity provider. The Kubernetes API server determines how authentication tokens should be handled by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers.\n\nissuerURL must use the 'https' scheme.", + "issuerURL": "issuerURL is a required field that configures the URL used to issue tokens by the identity provider. The Kubernetes API server determines how authentication tokens should be handled by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers.\n\nMust be at least 1 character and must not exceed 512 characters in length. Must be a valid URL that uses the 'https' scheme and does not contain a query, fragment or user.", "audiences": "audiences is a required field that configures the acceptable audiences the JWT token, issued by the identity provider, must be issued to. At least one of the entries must match the 'aud' claim in the JWT token.\n\naudiences must contain at least one entry and must not exceed ten entries.", "issuerCertificateAuthority": "issuerCertificateAuthority is an optional field that configures the certificate authority, used by the Kubernetes API server, to validate the connection to the identity provider when fetching discovery information.\n\nWhen not specified, the system trust is used.\n\nWhen specified, it must reference a ConfigMap in the openshift-config namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt' key in the data field of the ConfigMap.", } @@ -1480,6 +1480,7 @@ var map_AzurePlatformStatus = map[string]string{ "cloudName": "cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.", "armEndpoint": "armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.", "resourceTags": "resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", + "cloudLoadBalancerConfig": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", } func (AzurePlatformStatus) SwaggerDoc() map[string]string { @@ -1612,7 +1613,7 @@ var map_GCPPlatformStatus = map[string]string{ "resourceLabels": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", "resourceTags": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", "cloudLoadBalancerConfig": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", - "serviceEndpoints": "serviceEndpoints specifies endpoints that override the default endpoints used when creating clients to interact with GCP services. When not specified, the default endpoint for the GCP region will be used. Only 1 endpoint override is permitted for each GCP service. The maximum number of endpoint overrides allowed is 9.", + "serviceEndpoints": "serviceEndpoints specifies endpoints that override the default endpoints used when creating clients to interact with GCP services. When not specified, the default endpoint for the GCP region will be used. Only 1 endpoint override is permitted for each GCP service. The maximum number of endpoint overrides allowed is 11.", } func (GCPPlatformStatus) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go index 4498dd4ba..c048c64ef 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go @@ -17,6 +17,8 @@ limitations under the License. package v1alpha1 import ( + v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -51,7 +53,7 @@ type ClusterMonitoring struct { Status ClusterMonitoringStatus `json:"status,omitempty"` } -// MonitoringOperatorStatus defines the observed state of MonitoringOperator +// ClusterMonitoringStatus defines the observed state of ClusterMonitoring type ClusterMonitoringStatus struct { } @@ -72,10 +74,21 @@ type ClusterMonitoringList struct { } // ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator +// +kubebuilder:validation:MinProperties=1 type ClusterMonitoringSpec struct { // userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. - // +required - UserDefined UserDefinedMonitoring `json:"userDefined"` + // userDefined is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + // The current default value is `Disabled`. + // +optional + UserDefined *UserDefinedMonitoring `json:"userDefined,omitempty"` + // alertmanagerConfig allows users to configure how the default Alertmanager instance + // should be deployed in the `openshift-monitoring` namespace. + // alertmanagerConfig is optional. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `DefaultConfig`. + // +optional + AlertmanagerConfig *AlertmanagerConfig `json:"alertmanagerConfig,omitempty"` } // UserDefinedMonitoring config for user-defined projects. @@ -84,8 +97,9 @@ type UserDefinedMonitoring struct { // Valid values are Disabled and NamespaceIsolated // Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. // NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. - // +kubebuilder:validation:Enum:="Disabled";"NamespaceIsolated" + // The current default value is `Disabled`. // +required + // +kubebuilder:validation:Enum=Disabled;NamespaceIsolated Mode UserDefinedMode `json:"mode"` } @@ -99,3 +113,212 @@ const ( // UserDefinedNamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. UserDefinedNamespaceIsolated UserDefinedMode = "NamespaceIsolated" ) + +// alertmanagerConfig provides configuration options for the default Alertmanager instance +// that runs in the `openshift-monitoring` namespace. Use this configuration to control +// whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled. +// +kubebuilder:validation:XValidation:rule="self.deploymentMode == 'CustomConfig' ? has(self.customConfig) : !has(self.customConfig)",message="customConfig is required when deploymentMode is CustomConfig, and forbidden otherwise" +type AlertmanagerConfig struct { + // deploymentMode determines whether the default Alertmanager instance should be deployed + // as part of the monitoring stack. + // Allowed values are Disabled, DefaultConfig, and CustomConfig. + // When set to Disabled, the Alertmanager instance will not be deployed. + // When set to DefaultConfig, the platform will deploy Alertmanager with default settings. + // When set to CustomConfig, the Alertmanager will be deployed with custom configuration. + // + // +unionDiscriminator + // +required + DeploymentMode AlertManagerDeployMode `json:"deploymentMode"` + + // customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. + // When set to CustomConfig, the Alertmanager will be deployed with custom configuration. + // +optional + CustomConfig *AlertmanagerCustomConfig `json:"customConfig,omitempty"` +} + +// AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. +// alertmanagerCustomConfig provides configuration options for the default Alertmanager instance +// that runs in the `openshift-monitoring` namespace. Use this configuration to control +// whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled. +// +kubebuilder:validation:MinProperties=1 +type AlertmanagerCustomConfig struct { + // logLevel defines the verbosity of logs emitted by Alertmanager. + // This field allows users to control the amount and severity of logs generated, which can be useful + // for debugging issues or reducing noise in production environments. + // Allowed values are Error, Warn, Info, and Debug. + // When set to Error, only errors will be logged. + // When set to Warn, both warnings and errors will be logged. + // When set to Info, general information, warnings, and errors will all be logged. + // When set to Debug, detailed debugging information will be logged. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. + // The current default value is `Info`. + // +optional + LogLevel LogLevel `json:"logLevel"` + // nodeSelector defines the nodes on which the Pods are scheduled + // nodeSelector is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default value is `kubernetes.io/os: linux`. + // +optional + // +kubebuilder:validation:MinProperties=1 + // +kubebuilder:validation:MaxProperties=10 + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + // resources defines the compute resource requests and limits for the Alertmanager container. + // This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. + // When not specified, defaults are used by the platform. Requests cannot exceed limits. + // This field is optional. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // This is a simplified API that maps to Kubernetes ResourceRequirements. + // The current default values are: + // resources: + // - name: cpu + // request: 4m + // limit: null + // - name: memory + // request: 40Mi + // limit: null + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + Resources []ContainerResource `json:"resources,omitempty"` + // secrets defines a list of secrets that need to be mounted into the Alertmanager. + // The secrets must reside within the same namespace as the Alertmanager object. + // They will be added as volumes named secret- and mounted at + // /etc/alertmanager/secrets/ within the 'alertmanager' container of + // the Alertmanager Pods. + // + // These secrets can be used to authenticate Alertmanager with endpoint receivers. + // For example, you can use secrets to: + // - Provide certificates for TLS authentication with receivers that require private CA certificates + // - Store credentials for Basic HTTP authentication with receivers that require password-based auth + // - Store any other authentication credentials needed by your alert receivers + // + // This field is optional. + // Maximum length for this list is 10. + // Minimum length for this list is 1. + // Entries in this list must be unique. + // +optional + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=set + Secrets []SecretName `json:"secrets,omitempty"` + // tolerations defines tolerations for the pods. + // tolerations is optional. + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // Defaults are empty/unset. + // Maximum length for this list is 10 + // Minimum length for this list is 1 + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=atomic + // +optional + Tolerations []v1.Toleration `json:"tolerations,omitempty"` + // topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed + // across topology domains such as zones, nodes, or other user-defined labels. + // topologySpreadConstraints is optional. + // This helps improve high availability and resource efficiency by avoiding placing + // too many replicas in the same failure domain. + // + // When omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. + // This field maps directly to the `topologySpreadConstraints` field in the Pod spec. + // Default is empty list. + // Maximum length for this list is 10. + // Minimum length for this list is 1 + // Entries must have unique topologyKey and whenUnsatisfiable pairs. + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:MinItems=1 + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + // +optional + TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` + // volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to + // configure the persistent volume claim, including storage class, volume + // size, and name. + // If omitted, the Pod uses ephemeral storage and alert data will not persist + // across restarts. + // This field is optional. + // +optional + VolumeClaimTemplate *v1.PersistentVolumeClaim `json:"volumeClaimTemplate,omitempty"` +} + +// AlertManagerDeployMode defines the deployment state of the platform Alertmanager instance. +// +// Possible values: +// - "Disabled": The Alertmanager instance will not be deployed. +// - "DefaultConfig": The Alertmanager instance will be deployed with default settings. +// - "CustomConfig": The Alertmanager instance will be deployed with custom configuration. +// +kubebuilder:validation:Enum=Disabled;DefaultConfig;CustomConfig +type AlertManagerDeployMode string + +const ( + // AlertManagerModeDisabled means the Alertmanager instance will not be deployed. + AlertManagerDeployModeDisabled AlertManagerDeployMode = "Disabled" + // AlertManagerModeDefaultConfig means the Alertmanager instance will be deployed with default settings. + AlertManagerDeployModeDefaultConfig AlertManagerDeployMode = "DefaultConfig" + // AlertManagerModeCustomConfig means the Alertmanager instance will be deployed with custom configuration. + AlertManagerDeployModeCustomConfig AlertManagerDeployMode = "CustomConfig" +) + +// logLevel defines the verbosity of logs emitted by Alertmanager. +// Valid values are Error, Warn, Info and Debug. +// +kubebuilder:validation:Enum=Error;Warn;Info;Debug +type LogLevel string + +const ( + // Error only errors will be logged. + LogLevelError LogLevel = "Error" + // Warn, both warnings and errors will be logged. + LogLevelWarn LogLevel = "Warn" + // Info, general information, warnings, and errors will all be logged. + LogLevelInfo LogLevel = "Info" + // Debug, detailed debugging information will be logged. + LogLevelDebug LogLevel = "Debug" +) + +// ContainerResource defines a single resource requirement for a container. +// +kubebuilder:validation:XValidation:rule="has(self.request) || has(self.limit)",message="at least one of request or limit must be set" +// +kubebuilder:validation:XValidation:rule="!(has(self.request) && has(self.limit)) || quantity(self.limit).compareTo(quantity(self.request)) >= 0",message="limit must be greater than or equal to request" +type ContainerResource struct { + // name of the resource (e.g. "cpu", "memory", "hugepages-2Mi"). + // This field is required. + // name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character. + // +required + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:XValidation:rule="!format.qualifiedName().validate(self).hasValue()",message="name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character" + Name string `json:"name"` + + // request is the minimum amount of the resource required (e.g. "2Mi", "1Gi"). + // This field is optional. + // When limit is specified, request cannot be greater than limit. + // +optional + // +kubebuilder:validation:XIntOrString + // +kubebuilder:validation:MaxLength=20 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))",message="request must be a positive, non-zero quantity" + Request resource.Quantity `json:"request,omitempty"` + + // limit is the maximum amount of the resource allowed (e.g. "2Mi", "1Gi"). + // This field is optional. + // When request is specified, limit cannot be less than request. + // The value must be greater than 0 when specified. + // +optional + // +kubebuilder:validation:XIntOrString + // +kubebuilder:validation:MaxLength=20 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))",message="limit must be a positive, non-zero quantity" + Limit resource.Quantity `json:"limit,omitempty"` +} + +// SecretName is a type that represents the name of a Secret in the same namespace. +// It must be at most 253 characters in length. +// +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." +// +kubebuilder:validation:MaxLength=63 +type SecretName string diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go index b605ffcf4..144b173f6 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go @@ -6,10 +6,86 @@ package v1alpha1 import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AlertmanagerConfig) DeepCopyInto(out *AlertmanagerConfig) { + *out = *in + if in.CustomConfig != nil { + in, out := &in.CustomConfig, &out.CustomConfig + *out = new(AlertmanagerCustomConfig) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlertmanagerConfig. +func (in *AlertmanagerConfig) DeepCopy() *AlertmanagerConfig { + if in == nil { + return nil + } + out := new(AlertmanagerConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AlertmanagerCustomConfig) DeepCopyInto(out *AlertmanagerCustomConfig) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]ContainerResource, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Secrets != nil { + in, out := &in.Secrets, &out.Secrets + *out = make([]SecretName, len(*in)) + copy(*out, *in) + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]v1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TopologySpreadConstraints != nil { + in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints + *out = make([]v1.TopologySpreadConstraint, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.VolumeClaimTemplate != nil { + in, out := &in.VolumeClaimTemplate, &out.VolumeClaimTemplate + *out = new(v1.PersistentVolumeClaim) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlertmanagerCustomConfig. +func (in *AlertmanagerCustomConfig) DeepCopy() *AlertmanagerCustomConfig { + if in == nil { + return nil + } + out := new(AlertmanagerCustomConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Backup) DeepCopyInto(out *Backup) { *out = *in @@ -192,7 +268,7 @@ func (in *ClusterImagePolicyStatus) DeepCopyInto(out *ClusterImagePolicyStatus) *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -215,7 +291,7 @@ func (in *ClusterMonitoring) DeepCopyInto(out *ClusterMonitoring) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec + in.Spec.DeepCopyInto(&out.Spec) out.Status = in.Status return } @@ -274,7 +350,16 @@ func (in *ClusterMonitoringList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterMonitoringSpec) DeepCopyInto(out *ClusterMonitoringSpec) { *out = *in - out.UserDefined = in.UserDefined + if in.UserDefined != nil { + in, out := &in.UserDefined, &out.UserDefined + *out = new(UserDefinedMonitoring) + **out = **in + } + if in.AlertmanagerConfig != nil { + in, out := &in.AlertmanagerConfig, &out.AlertmanagerConfig + *out = new(AlertmanagerConfig) + (*in).DeepCopyInto(*out) + } return } @@ -304,6 +389,24 @@ func (in *ClusterMonitoringStatus) DeepCopy() *ClusterMonitoringStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ContainerResource) DeepCopyInto(out *ContainerResource) { + *out = *in + out.Request = in.Request.DeepCopy() + out.Limit = in.Limit.DeepCopy() + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ContainerResource. +func (in *ContainerResource) DeepCopy() *ContainerResource { + if in == nil { + return nil + } + out := new(ContainerResource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EtcdBackupSpec) DeepCopyInto(out *EtcdBackupSpec) { *out = *in @@ -462,7 +565,7 @@ func (in *ImagePolicyStatus) DeepCopyInto(out *ImagePolicyStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go index 3b145db6c..b6ff150fc 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go @@ -118,6 +118,31 @@ func (ClusterImagePolicyStatus) SwaggerDoc() map[string]string { return map_ClusterImagePolicyStatus } +var map_AlertmanagerConfig = map[string]string{ + "": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", + "deploymentMode": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", + "customConfig": "customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", +} + +func (AlertmanagerConfig) SwaggerDoc() map[string]string { + return map_AlertmanagerConfig +} + +var map_AlertmanagerCustomConfig = map[string]string{ + "": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", + "logLevel": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "nodeSelector": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", + "resources": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1.", + "secrets": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", + "tolerations": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + "topologySpreadConstraints": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "volumeClaimTemplate": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", +} + +func (AlertmanagerCustomConfig) SwaggerDoc() map[string]string { + return map_AlertmanagerCustomConfig +} + var map_ClusterMonitoring = map[string]string{ "": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", "metadata": "metadata is the standard object metadata.", @@ -140,8 +165,9 @@ func (ClusterMonitoringList) SwaggerDoc() map[string]string { } var map_ClusterMonitoringSpec = map[string]string{ - "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", - "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring.", + "": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", + "userDefined": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", + "alertmanagerConfig": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", } func (ClusterMonitoringSpec) SwaggerDoc() map[string]string { @@ -149,16 +175,27 @@ func (ClusterMonitoringSpec) SwaggerDoc() map[string]string { } var map_ClusterMonitoringStatus = map[string]string{ - "": "MonitoringOperatorStatus defines the observed state of MonitoringOperator", + "": "ClusterMonitoringStatus defines the observed state of ClusterMonitoring", } func (ClusterMonitoringStatus) SwaggerDoc() map[string]string { return map_ClusterMonitoringStatus } +var map_ContainerResource = map[string]string{ + "": "ContainerResource defines a single resource requirement for a container.", + "name": "name of the resource (e.g. \"cpu\", \"memory\", \"hugepages-2Mi\"). This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character.", + "request": "request is the minimum amount of the resource required (e.g. \"2Mi\", \"1Gi\"). This field is optional. When limit is specified, request cannot be greater than limit.", + "limit": "limit is the maximum amount of the resource allowed (e.g. \"2Mi\", \"1Gi\"). This field is optional. When request is specified, limit cannot be less than request. The value must be greater than 0 when specified.", +} + +func (ContainerResource) SwaggerDoc() map[string]string { + return map_ContainerResource +} + var map_UserDefinedMonitoring = map[string]string{ "": "UserDefinedMonitoring config for user-defined projects.", - "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level.", + "mode": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.", } func (UserDefinedMonitoring) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/envtest-releases.yaml b/vendor/github.com/openshift/api/envtest-releases.yaml index e3a8c94cf..e8688e2b0 100644 --- a/vendor/github.com/openshift/api/envtest-releases.yaml +++ b/vendor/github.com/openshift/api/envtest-releases.yaml @@ -51,3 +51,16 @@ releases: envtest-v1.32.1-linux-arm64.tar.gz: hash: 0bc52e6344ae0753715bc39c2878696c72a3129356df484835586165238361c109ad3e1ebd354af8ecdf1026c3a2b98ed225ad0c6dd348cb3ff128a7cfdcc2f8 selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.32.1-linux-arm64.tar.gz + v1.33.2: + envtest-v1.33.2-darwin-amd64.tar.gz: + hash: d032acdc6f365059e20e22de6f78dd298e4cc48b379639c777032a97b7fe6a1d0c933f2a48879506231d57e4be9407ffc56b46485958023a766c4db3f1efb89e + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.33.2-darwin-amd64.tar.gz + envtest-v1.33.2-darwin-arm64.tar.gz: + hash: 51aa29ab015a1d1825e7155137fe30a2aafd311faf63486118d0dd026a9163c65d61e004a42b8e3ff624529734610b4dafdc12220d11d6c159ca9b3622f64497 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.33.2-darwin-arm64.tar.gz + envtest-v1.33.2-linux-amd64.tar.gz: + hash: 4f2749f668c49ac67651ca2c284252eea722aa37389c3808957a0e1a7783adf1c183aa07ff9623357b761b96022828bbd09dff019527032a474d923676835faf + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.33.2-linux-amd64.tar.gz + envtest-v1.33.2-linux-arm64.tar.gz: + hash: 9936eba66fd0170808268da4c0609b7e7d4d1b0de8607b0d3a9091539b4ec881041a9e08e7b4839708b11139bcc850acd34dfc0305ed955cc61fc3fae9da58f5 + selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.33.2-linux-arm64.tar.gz diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md index c20741dfa..89a1337e6 100644 --- a/vendor/github.com/openshift/api/features.md +++ b/vendor/github.com/openshift/api/features.md @@ -5,42 +5,46 @@ | MachineAPIOperatorDisableMachineHealthCheckController| | | | | | | | MultiArchInstallAzure| | | | | | | | ShortCertRotation| | | | | | | +| NoRegistryClusterOperations| | | | Enabled | | | | BootImageSkewEnforcement| | | Enabled | Enabled | | | -| ClusterVersionOperatorConfiguration| | | Enabled | Enabled | | | -| DualReplica| | | Enabled | Enabled | | | | Example2| | | Enabled | Enabled | | | +| ExternalSnapshotMetadata| | | Enabled | Enabled | | | | NewOLMCatalogdAPIV1Metas| | | | Enabled | | Enabled | | NewOLMOwnSingleNamespace| | | | Enabled | | Enabled | | NewOLMPreflightPermissionChecks| | | | Enabled | | Enabled | | NewOLMWebhookProviderOpenshiftServiceCA| | | | Enabled | | Enabled | -| SELinuxMount| | | Enabled | Enabled | | | | VSphereMixedNodeEnv| | | Enabled | Enabled | | | | NewOLM| | Enabled | | Enabled | | Enabled | | AWSClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | +| AWSClusterHostedDNSInstall| | | Enabled | Enabled | Enabled | Enabled | | AWSDedicatedHosts| | | Enabled | Enabled | Enabled | Enabled | | AWSServiceLBNetworkSecurityGroup| | | Enabled | Enabled | Enabled | Enabled | | AutomatedEtcdBackup| | | Enabled | Enabled | Enabled | Enabled | +| AzureClusterHostedDNSInstall| | | Enabled | Enabled | Enabled | Enabled | | AzureDedicatedHosts| | | Enabled | Enabled | Enabled | Enabled | | AzureMultiDisk| | | Enabled | Enabled | Enabled | Enabled | | BootcNodeManagement| | | Enabled | Enabled | Enabled | Enabled | | ClusterAPIInstallIBMCloud| | | Enabled | Enabled | Enabled | Enabled | | ClusterMonitoringConfig| | | Enabled | Enabled | Enabled | Enabled | +| ClusterVersionOperatorConfiguration| | | Enabled | Enabled | Enabled | Enabled | | DNSNameResolver| | | Enabled | Enabled | Enabled | Enabled | +| DualReplica| | | Enabled | Enabled | Enabled | Enabled | | DyanmicServiceEndpointIBMCloud| | | Enabled | Enabled | Enabled | Enabled | | DynamicResourceAllocation| | | Enabled | Enabled | Enabled | Enabled | | EtcdBackendQuota| | | Enabled | Enabled | Enabled | Enabled | | Example| | | Enabled | Enabled | Enabled | Enabled | | ExternalOIDCWithUIDAndExtraClaimMappings| | | Enabled | Enabled | Enabled | Enabled | | GCPClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | +| GCPClusterHostedDNSInstall| | | Enabled | Enabled | Enabled | Enabled | | GCPCustomAPIEndpoints| | | Enabled | Enabled | Enabled | Enabled | -| HighlyAvailableArbiter| | | Enabled | Enabled | Enabled | Enabled | +| GCPCustomAPIEndpointsInstall| | | Enabled | Enabled | Enabled | Enabled | | ImageModeStatusReporting| | | Enabled | Enabled | Enabled | Enabled | | ImageStreamImportMode| | | Enabled | Enabled | Enabled | Enabled | | IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | Enabled | Enabled | | InsightsConfig| | | Enabled | Enabled | Enabled | Enabled | | InsightsConfigAPI| | | Enabled | Enabled | Enabled | Enabled | | InsightsOnDemandDataGather| | | Enabled | Enabled | Enabled | Enabled | -| InsightsRuntimeExtractor| | | Enabled | Enabled | Enabled | Enabled | +| IrreconcilableMachineConfig| | | Enabled | Enabled | Enabled | Enabled | | KMSEncryptionProvider| | | Enabled | Enabled | Enabled | Enabled | | MachineAPIMigration| | | Enabled | Enabled | Enabled | Enabled | | ManagedBootImagesAzure| | | Enabled | Enabled | Enabled | Enabled | @@ -54,15 +58,12 @@ | NutanixMultiSubnets| | | Enabled | Enabled | Enabled | Enabled | | OVNObservability| | | Enabled | Enabled | Enabled | Enabled | | PreconfiguredUDNAddresses| | | Enabled | Enabled | Enabled | Enabled | +| SELinuxMount| | | Enabled | Enabled | Enabled | Enabled | | SignatureStores| | | Enabled | Enabled | Enabled | Enabled | -| SigstoreImageVerification| | | Enabled | Enabled | Enabled | Enabled | | SigstoreImageVerificationPKI| | | Enabled | Enabled | Enabled | Enabled | -| StoragePerformantSecurityPolicy| | | Enabled | Enabled | Enabled | Enabled | | TranslateStreamCloseWebsocketRequests| | | Enabled | Enabled | Enabled | Enabled | -| UpgradeStatus| | | Enabled | Enabled | Enabled | Enabled | | VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | Enabled | Enabled | | VSphereHostVMGroupZonal| | | Enabled | Enabled | Enabled | Enabled | -| VSphereMultiDisk| | | Enabled | Enabled | Enabled | Enabled | | VolumeAttributesClass| | | Enabled | Enabled | Enabled | Enabled | | VolumeGroupSnapshot| | | Enabled | Enabled | Enabled | Enabled | | ExternalOIDC| Enabled | | Enabled | Enabled | Enabled | Enabled | @@ -72,11 +73,11 @@ | AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | CPMSMachineNamePrefix| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ChunkSizeMiB| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ConsolePluginContentSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | GatewayAPI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | GatewayAPIController| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| HardwareSpeed| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| HighlyAvailableArbiter| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ImageVolume| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | IngressControllerLBSubnetsAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | @@ -86,15 +87,17 @@ | NetworkDiagnosticsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | NetworkSegmentation| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| OnClusterBuild| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| PersistentIPsForVirtualization| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | PinnedImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ProcMountType| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | RouteAdvertisements| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ServiceAccountTokenNodeBinding| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | SetEIPForNLBIngressController| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| SigstoreImageVerification| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| StoragePerformantSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| UpgradeStatus| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | UserNamespacesPodSecurityStandards| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | UserNamespacesSupport| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| VSphereMultiDisk| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | VSphereMultiNetworks| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/imageregistry/v1/types.go b/vendor/github.com/openshift/api/imageregistry/v1/types.go index e4f531946..4fea20540 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/types.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/types.go @@ -215,7 +215,6 @@ type ImageRegistryConfigStorageS3 struct { // The minimum value is 5 and the maximum value is 5120 (5 GiB). // +kubebuilder:validation:Minimum=5 // +kubebuilder:validation:Maximum=5120 - // +openshift:enable:FeatureGate=ChunkSizeMiB // +optional ChunkSizeMiB int32 `json:"chunkSizeMiB,omitempty"` // encrypt specifies whether the registry stores the image in encrypted diff --git a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.featuregated-crd-manifests.yaml index a6ccc2262..95613c7ae 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.featuregated-crd-manifests.yaml @@ -4,8 +4,7 @@ configs.imageregistry.operator.openshift.io: CRDName: configs.imageregistry.operator.openshift.io Capability: "" Category: "" - FeatureGates: - - ChunkSizeMiB + FeatureGates: [] FilenameOperatorName: "" FilenameOperatorOrdering: "00" FilenameRunLevel: "" diff --git a/vendor/github.com/openshift/api/operator/v1/types_etcd.go b/vendor/github.com/openshift/api/operator/v1/types_etcd.go index f378086aa..252f3b399 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_etcd.go +++ b/vendor/github.com/openshift/api/operator/v1/types_etcd.go @@ -38,7 +38,6 @@ type EtcdSpec struct { // Valid values are "", "Standard" and "Slower". // "" means no opinion and the platform is left to choose a reasonable default // which is subject to change without notice. - // +openshift:enable:FeatureGate=HardwareSpeed // +optional HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go index 2d88bcd77..8f779db2a 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go +++ b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go @@ -55,6 +55,16 @@ type MachineConfigurationSpec struct { // has no effect on cluster upgrades which will still incur node disruption where required. // +optional NodeDisruptionPolicy NodeDisruptionPolicyConfig `json:"nodeDisruptionPolicy"` + + // irreconcilableValidationOverrides is an optional field that can used to make changes to a MachineConfig that + // cannot be applied to existing nodes. + // When specified, the fields configured with validation overrides will no longer reject changes to those + // respective fields due to them not being able to be applied to existing nodes. + // Only newly provisioned nodes will have these configurations applied. + // Existing nodes will report observed configuration differences in their MachineConfigNode status. + // +openshift:enable:FeatureGate=IrreconcilableMachineConfig + // +optional + IrreconcilableValidationOverrides IrreconcilableValidationOverrides `json:"irreconcilableValidationOverrides,omitempty,omitzero"` } type MachineConfigurationStatus struct { @@ -120,6 +130,40 @@ type MachineConfigurationList struct { Items []MachineConfiguration `json:"items"` } +// IrreconcilableValidationOverridesStorage defines available storage irreconcilable overrides. +// +kubebuilder:validation:Enum=Disks;FileSystems;Raid +type IrreconcilableValidationOverridesStorage string + +const ( + // Disks enables changes to the `spec.config.storage.disks` section of MachineConfig CRs. + IrreconcilableValidationOverridesStorageDisks IrreconcilableValidationOverridesStorage = "Disks" + + // FileSystems enables changes to the `spec.config.storage.filesystems` section of MachineConfig CRs. + IrreconcilableValidationOverridesStorageFileSystems IrreconcilableValidationOverridesStorage = "FileSystems" + + // Raid enables changes to the `spec.config.storage.raid` section of MachineConfig CRs. + IrreconcilableValidationOverridesStorageRaid IrreconcilableValidationOverridesStorage = "Raid" +) + +// IrreconcilableValidationOverrides holds the irreconcilable validations overrides to be applied on each rendered +// MachineConfig generation. +// +kubebuilder:validation:MinProperties=1 +type IrreconcilableValidationOverrides struct { + // storage can be used to allow making irreconcilable changes to the selected sections under the + // `spec.config.storage` field of MachineConfig CRs + // It must have at least one item, may not exceed 3 items and must not contain duplicates. + // Allowed element values are "Disks", "FileSystems", "Raid" and omitted. + // When contains "Disks" changes to the `spec.config.storage.disks` section of MachineConfig CRs are allowed. + // When contains "FileSystems" changes to the `spec.config.storage.filesystems` section of MachineConfig CRs are allowed. + // When contains "Raid" changes to the `spec.config.storage.raid` section of MachineConfig CRs are allowed. + // When omitted changes to the `spec.config.storage` section are forbidden. + // +optional + // +listType=set + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=3 + Storage []IrreconcilableValidationOverridesStorage `json:"storage,omitempty,omitzero"` +} + type ManagedBootImages struct { // machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator // will watch for changes to this list. Only one entry is permitted per type of machine management resource. diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index d8f3cbc2f..d2e74e683 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -2640,6 +2640,27 @@ func (in *InsightsReport) DeepCopy() *InsightsReport { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IrreconcilableValidationOverrides) DeepCopyInto(out *IrreconcilableValidationOverrides) { + *out = *in + if in.Storage != nil { + in, out := &in.Storage, &out.Storage + *out = make([]IrreconcilableValidationOverridesStorage, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IrreconcilableValidationOverrides. +func (in *IrreconcilableValidationOverrides) DeepCopy() *IrreconcilableValidationOverrides { + if in == nil { + return nil + } + out := new(IrreconcilableValidationOverrides) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KubeAPIServer) DeepCopyInto(out *KubeAPIServer) { *out = *in @@ -3221,6 +3242,7 @@ func (in *MachineConfigurationSpec) DeepCopyInto(out *MachineConfigurationSpec) in.StaticPodOperatorSpec.DeepCopyInto(&out.StaticPodOperatorSpec) in.ManagedBootImages.DeepCopyInto(&out.ManagedBootImages) in.NodeDisruptionPolicy.DeepCopyInto(&out.NodeDisruptionPolicy) + in.IrreconcilableValidationOverrides.DeepCopyInto(&out.IrreconcilableValidationOverrides) return } diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml index e93ef7995..a893b0e0f 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -155,7 +155,6 @@ etcds.operator.openshift.io: Category: coreoperators FeatureGates: - EtcdBackendQuota - - HardwareSpeed FilenameOperatorName: etcd FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_12" @@ -306,6 +305,7 @@ machineconfigurations.operator.openshift.io: Capability: "" Category: "" FeatureGates: + - IrreconcilableMachineConfig - ManagedBootImages FilenameOperatorName: machine-config FilenameOperatorOrdering: "01" diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 582f9686f..206dd98c4 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -1379,6 +1379,15 @@ func (KubeStorageVersionMigratorList) SwaggerDoc() map[string]string { return map_KubeStorageVersionMigratorList } +var map_IrreconcilableValidationOverrides = map[string]string{ + "": "IrreconcilableValidationOverrides holds the irreconcilable validations overrides to be applied on each rendered MachineConfig generation.", + "storage": "storage can be used to allow making irreconcilable changes to the selected sections under the `spec.config.storage` field of MachineConfig CRs It must have at least one item, may not exceed 3 items and must not contain duplicates. Allowed element values are \"Disks\", \"FileSystems\", \"Raid\" and omitted. When contains \"Disks\" changes to the `spec.config.storage.disks` section of MachineConfig CRs are allowed. When contains \"FileSystems\" changes to the `spec.config.storage.filesystems` section of MachineConfig CRs are allowed. When contains \"Raid\" changes to the `spec.config.storage.raid` section of MachineConfig CRs are allowed. When omitted changes to the `spec.config.storage` section are forbidden.", +} + +func (IrreconcilableValidationOverrides) SwaggerDoc() map[string]string { + return map_IrreconcilableValidationOverrides +} + var map_MachineConfiguration = map[string]string{ "": "MachineConfiguration provides information to configure an operator to manage Machine Configuration.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -1401,8 +1410,9 @@ func (MachineConfigurationList) SwaggerDoc() map[string]string { } var map_MachineConfigurationSpec = map[string]string{ - "managedBootImages": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default for each machine manager mode is All for GCP and AWS platforms, and None for all other platforms.", - "nodeDisruptionPolicy": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.", + "managedBootImages": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default for each machine manager mode is All for GCP and AWS platforms, and None for all other platforms.", + "nodeDisruptionPolicy": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.", + "irreconcilableValidationOverrides": "irreconcilableValidationOverrides is an optional field that can used to make changes to a MachineConfig that cannot be applied to existing nodes. When specified, the fields configured with validation overrides will no longer reject changes to those respective fields due to them not being able to be applied to existing nodes. Only newly provisioned nodes will have these configurations applied. Existing nodes will report observed configuration differences in their MachineConfigNode status.", } func (MachineConfigurationSpec) SwaggerDoc() map[string]string { diff --git a/vendor/modules.txt b/vendor/modules.txt index 150535013..819098154 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -191,7 +191,7 @@ github.com/munnerz/goautoneg # github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f ## explicit github.com/mwitkow/go-conntrack -# github.com/openshift/api v0.0.0-20250710082954-674ad74beffc +# github.com/openshift/api v0.0.0-20250821192933-3d5bf11af6e6 ## explicit; go 1.24.0 github.com/openshift/api github.com/openshift/api/annotations